Edvan 30 Denunciar post Postado Março 15, 2011 Ola pessoal! gostaria de saber se tem algum virus nesse log abaixo.. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 02:38:48, on 15/3/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\Explorer.EXE C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\system32\VTTimer.exe C:\Arquivos de programas\USB Disk Security\USBGuard.exe C:\WINDOWS\system32\S3trayp.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\PowerS.exe C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe C:\Arquivos de programas\Samsung\Samsung New PC Studio\NPSAgent.exe C:\WINDOWS\system32\FsUsbExService.Exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe C:\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R3 - URLSearchHook: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\prxtbMes2.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Bing.Toolbar - {074965C8-6F6A-4FF2-9037-E74337BCF2E0} - C:\WINDOWS\system32\Gbas.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\prxConduitEngine.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Messenger Plus Live - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\prxtbMes2.dll O3 - Toolbar: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\prxtbMes2.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\prxConduitEngine.dll O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [uSB Antivirus] C:\Arquivos de programas\USB Disk Security\USBGuard.exe O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1 O4 - HKLM\..\RunOnce: [CStrip] C:\WINDOWS\system32\CStrip.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Arquivos de programas\Samsung\Samsung New PC Studio\NPSAgent.exe O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264598012906 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264617470953 O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe -- End of file - 7072 bytes Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Março 15, 2011 Olá Edvan 1. *Baixe o AD-Remover e salve-o no desktop *Execute-o, clique [Clean] > [sim] > [OK] > [sim] *O PC será reiniciado *Cole o relatório C:\Ad-Report-CLEAN[1].txt 2. *Baixe o MalwareBytes e salve-o no desktop *Instale o programa e aguarde a atualização *O programa será aberto automaticamente *Na aba [Verificação], selecione [Verificação completa] *Clique [Verificar] e selecione a partição onde o Windows está instalado *Ao finalizar o scan, clique [sIM] > [OK] > [Ver Resultados] > [Remover Selecionados] *Cole o relatório apresentado Caso já tenha o Malwarebytes instalado... *Abra o Malwarebytes, clique [Atualização] > [baixar Atualizações] *Na aba [Verificação], selecione [Verificação completa] *Clique [Verificar] e selecione a partição onde o Windows está instalado *Ao finalizar o scan, clique [sIM] > [OK] > [Ver Resultados] > [Remover Selecionados] *Cole o relatório apresentado Compartilhar este post Link para o post Compartilhar em outros sites
Edvan 30 Denunciar post Postado Março 25, 2011 Desculpa cara não ter respondido antes, é porque esse log é de um pc de uma amiga, tenho que dar um jeito de acessar o pc dela remotamente para fazer o procedimento, mais de antemão eu já passei o Malwarebytes e removir duas pragas!,,.. Depois passo o AD-Remover .. Me respondi uma coisa, essas entradas são normais? C:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Internet Explorer\iexplore.exeC:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe Valeu brother.. Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Março 25, 2011 Sim...pode ocorrer. Aguardando os relatórios. Compartilhar este post Link para o post Compartilhar em outros sites
Edvan 30 Denunciar post Postado Abril 11, 2011 wings, desconsidere o log anterior, não tenho mais acesso a esse pc... Analise por favor o log abaixo: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:55:49, on 11/4/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\TeamViewer\Version6\TeamViewer_Service.exe C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Arquivos de programas\TeamViewer\Version6\TeamViewer.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\TeamViewer\Version6\tv_w32.exe C:\Arquivos de programas\Panda USB Vaccine\USBVaccine.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe C:\Arquivos de programas\Orbitdownloader\orbitdm.exe C:\Arquivos de programas\Orbitdownloader\orbitnet.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgHelper.dll O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Arquivos de programas\PriceGong\2.1.0\PriceGongIE.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" O4 - HKLM\..\Run: [switchBoard] C:\Arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Edvan\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: CesarFTP.lnk = C:\Arquivos de programas\CesarFTP\CesarFTP.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1292541760281 O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://189.124.131.128:8283/cab/OCXChecker_8320.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {EFA7D1AF-C6FB-4BCB-8A7B-A1FE9825D0B3} (XQWebView Control) - http://189.45.97.36:8080/WebControl.cab O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Avira AntiVir Agendamento (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Arquivos de programas\TeamViewer\Version6\TeamViewer_Service.exe O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe -- End of file - 12284 bytes Adiantando algumas ferramentas.. ComboFix 11-04-10.04 - Edvan 11/04/2011 12:11:02.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2036.1469 [GMT -3:00] Executando de: c:\documents and settings\Edvan\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} * Criado um novo ponto de restauração . . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Edvan\Dados de aplicativos\PriceGong c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\1.xml c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\a.xml c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\b.xml c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\c.xml c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\d.xml c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\e.xml c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\f.xml c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\g.xml c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\h.xml c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\i.xml c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\J.xml c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\k.xml c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\l.xml c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\m.xml c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\mru.xml c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\n.xml c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\o.xml c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\p.xml c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\q.xml c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\r.xml c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\s.xml c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\t.xml c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\u.xml c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\v.xml c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\w.xml c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\x.xml c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\y.xml c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\z.xml c:\windows\system32\zip32.dll. . ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NPF . . (((((((((((((((( Arquivos/Ficheiros criados de 2011-03-11 to 2011-04-11 )))))))))))))))))))))))))))) . . 2011-04-08 22:41 . 2011-04-08 22:41 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Norton 2011-04-08 22:41 . 2011-04-08 22:49 -------- d-----w- c:\documents and settings\Edvan\Configurações locais\Dados de aplicativos\NPE 2011-04-08 21:14 . 2011-04-08 21:14 -------- d-----w- c:\arquivos de programas\PriceGong 2011-04-08 21:11 . 2011-04-08 22:21 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SweetIM 2011-04-08 21:11 . 2011-04-08 22:21 -------- d-----w- c:\arquivos de programas\SweetIM 2011-04-06 15:56 . 2011-04-06 15:56 -------- d-----w- c:\arquivos de programas\Arquivos comuns\MGB 2011-04-06 15:56 . 2011-04-06 15:56 -------- d-----w- c:\arquivos de programas\Aulete digital 2011-04-02 03:39 . 2011-04-09 15:08 -------- d-----w- c:\arquivos de programas\EpocCam 2011-04-01 19:05 . 2011-04-01 19:05 -------- d-----w- c:\documents and settings\Edvan\Configurações locais\Dados de aplicativos\Nero 2011-04-01 01:59 . 2011-04-01 01:59 -------- d-----w- c:\arquivos de programas\FreeTime 2011-03-27 02:52 . 2011-03-27 02:53 -------- d-----w- c:\documents and settings\Edvan\Dados de aplicativos\Toolbar4 2011-03-27 00:03 . 2011-03-27 00:06 -------- d-----w- c:\documents and settings\Edvan\Dados de aplicativos\GetRightToGo 2011-03-26 23:25 . 2011-03-26 23:25 -------- d-----w- c:\documents and settings\Edvan\Dados de aplicativos\CTdeveloping 2011-03-26 23:23 . 2011-03-26 23:23 -------- d-----w- c:\documents and settings\Edvan\Dados de aplicativos\BabylonToolbar 2011-03-26 23:18 . 2007-08-21 16:32 98304 ----a-w- c:\windows\system32\redmonnt.dll 2011-03-26 23:16 . 2011-03-26 23:22 -------- d-----w- c:\arquivos de programas\FoxTabPDFConverter 2011-03-26 01:28 . 2011-03-27 03:00 -------- d-----w- c:\documents and settings\Edvan\Dados de aplicativos\Skype 2011-03-26 01:28 . 2011-03-26 01:28 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype 2011-03-22 23:52 . 2011-03-22 23:52 -------- d-----w- c:\windows\MjM Free Photo Recovery Software 2011-03-22 02:38 . 2011-03-22 02:55 -------- d-----w- c:\documents and settings\Edvan\Dados de aplicativos\Download Manager 2011-03-19 01:59 . 2011-03-27 02:46 -------- d-----w- c:\documents and settings\Edvan\Dados de aplicativos\Dev-Cpp 2011-03-17 02:38 . 2011-03-17 02:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Panda Security 2011-03-17 02:38 . 2011-03-17 02:38 -------- d-----w- c:\arquivos de programas\Panda USB Vaccine 2011-03-17 02:31 . 2011-03-17 02:31 -------- d-----w- C:\PenClean 2011-03-17 02:20 . 2011-03-17 02:20 -------- d--h--w- c:\windows\system32\GroupPolicy 2011-03-12 15:28 . 2011-03-12 15:28 103864 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nppdf32.dll . . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-31 22:13 . 2010-12-16 08:41 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-03-20 13:02 . 2010-12-20 00:41 164880 ---ha-w- c:\documents and settings\Edvan\Dados de aplicativos\Microsoft\Virtual PC\VPCKeyboard.dll 2011-03-04 02:19 . 2011-03-04 02:19 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-03-04 02:19 . 2011-03-04 02:19 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-02-17 21:06 . 2011-02-20 02:45 160560 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys 2011-02-17 21:06 . 2011-02-20 02:45 44784 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys . . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2011-02-01 141616] . [HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}] 2010-08-18 10:08 353656 ----a-w- c:\arquivos de programas\PriceGong\2.1.0\PriceGongIE.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2011-02-01 18:58 1499440 ----a-r- c:\arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-02-01 1499440] . [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-02-01 1499440] . [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080] "Google Update"="c:\documents and settings\Edvan\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2010-12-16 136176] "ares"="c:\arquivos de programas\Ares\Ares.exe" [2010-10-27 1015808] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2010-09-03 281768] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-16 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-16 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-16 137752] "HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "RTHDCPL"="RTHDCPL.EXE" [2008-01-16 16384512] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 110592] "NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2008-04-28 570664] "NBKeyScan"="c:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352] "Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-10-29 249064] "AdobeAAMUpdater-1.0"="c:\arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-06 500208] "SwitchBoard"="c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] . c:\documents and settings\Edvan\Menu Iniciar\Programas\Inicializar\ CesarFTP.lnk - c:\arquivos de programas\CesarFTP\CesarFTP.exe [N/A] . c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\ HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768] Orbit.lnk - c:\arquivos de programas\Orbitdownloader\orbitdm.exe [2011-2-2 1838904] . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\Messenger\\msmsgs.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqusgm.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqusgh.exe"= "c:\\Arquivos de programas\\HP\\HP Software Update\\HPWUCli.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"= "c:\\Arquivos de programas\\TeamViewer\\Version6\\TeamViewer.exe"= "c:\\Arquivos de programas\\TeamViewer\\Version6\\TeamViewer_Service.exe"= "c:\\Arquivos de programas\\Ares\\Ares.exe"= "c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"= "c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5900:TCP"= 5900:TCP:jbjh "5800:TCP"= 5800:TCP:hyhb . R2 AntiVirSchedulerService;Avira AntiVir Agendamento;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [16/12/2010 05:41 135336] R2 TeamViewer6;TeamViewer 6;c:\arquivos de programas\TeamViewer\Version6\TeamViewer_Service.exe [17/12/2010 17:41 2228008] S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [17/12/2010 17:20 136176] S3 SwitchBoard;SwitchBoard;c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe [19/2/2010 13:37 517096] S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Conteúdo da pasta 'Tarefas Agendadas' . 2011-04-11 c:\windows\Tasks\AdobeAAMUpdater-1.0-ORDENADA-D6B06C-Edvan.job - c:\arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-03-06 14:35] . 2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-12-17 22:33] . 2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-12-17 22:33] . 2011-04-11 c:\windows\Tasks\PandaUSBVaccine.job - c:\arquivos de programas\Panda USB Vaccine\RunInteractiveWin.exe [2011-03-17 19:45] . 2011-04-11 c:\windows\Tasks\User_Feed_Synchronization-{5CDA444A-0E88-4B14-B401-700CF855461D}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 06:31] . . ------- Scan Suplementar ------- . uStart Page = hxxp://www.google.com.br/ mWindow Title = IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202 IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://189.124.131.128:8283/cab/OCXChecker_8320.cab DPF: {EFA7D1AF-C6FB-4BCB-8A7B-A1FE9825D0B3} - hxxp://189.45.97.36:8080/WebControl.cab FF - ProfilePath - c:\documents and settings\Edvan\Dados de aplicativos\Mozilla\Firefox\Profiles\vtzs2umv.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - SweetIM Search FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=689edc1100000000000000265a794b4b&tlver=1.4.19.19&instlRef=sst&affID=17161&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Dados de aplicativos\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} FF - Ext: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\Java\jre6\lib\deploy\jqs\ff FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF - Ext: PriceGong: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} - c:\arquivos de programas\PriceGong\2.1.0\FF . - - - - ORFÃOS REMOVIDOS - - - - . AddRemove-aTube Catcher - c:\arquivos de programas\aTube Catcher\uninstall.exe AddRemove-EpocCam - c:\arquivos de programas\EpocCam\uninst.exe AddRemove-MV RegClean 6.0_is1 - c:\arquivos de programas\Marcos Velasco Security\MV RegClean 6.0\unins000.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-04-11 12:21 Windows 5.1.2600 Service Pack 3 NTFS . Procurando processos ocultos ... . Procurando entradas auto inicializáveis ocultas ... . HKCU\Software\Microsoft\Windows\CurrentVersion\Run msnmsgr = "c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background??e . Procurando ficheiros/arquivos ocultos ... . Varredura completada com sucesso arquivos/ficheiros ocultos: 0 . ************************************************************************** . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*] "6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- . - - - - - - - > 'explorer.exe'(3988) c:\windows\system32\WININET.dll c:\windows\system32\webcheck.dll . ------------------------ Outros Processos em Execução ------------------------ . c:\arquivos de programas\Panda USB Vaccine\USBVaccine.exe c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe c:\arquivos de programas\Avira\AntiVir Desktop\avshadow.exe c:\arquivos de programas\Java\jre6\bin\jqs.exe c:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe c:\windows\RTHDCPL.EXE c:\windows\system32\rundll32.exe c:\windows\system32\igfxsrvc.exe c:\windows\system32\IoctlSvc.exe c:\arquivos de programas\Orbitdownloader\orbitnet.exe c:\windows\system32\wdfmgr.exe c:\arquivos de programas\RealVNC\VNC4\WinVNC4.exe c:\arquivos de programas\TeamViewer\Version6\TeamViewer.exe c:\arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe c:\windows\system32\wbem\wmiapsrv.exe c:\arquivos de programas\TeamViewer\Version6\tv_w32.exe c:\arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe c:\arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe c:\arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe . ************************************************************************** . Tempo para conclusão: 2011-04-11 12:25:57 - Máquina reiniciou ComboFix-quarantined-files.txt 2011-04-11 15:25 . Pré-execução: 12 pasta(s) 20.730.822.656 bytes disponíveis Pós execução: 15 pasta(s) 21.112.066.048 bytes disponíveis . WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 5750EF2347416B5B0BF154B26175B33C Compartilhar este post Link para o post Compartilhar em outros sites
Edvan 30 Denunciar post Postado Abril 11, 2011 Adiantando mais ferramentas 2 Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Versão da Base de Dados: 6333 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 11/4/2011 13:37:13 mbam-log-2011-04-11 (13-37-13).txt Tipo de Verificação: Verificação Completa (C:\|) Objetos escaneados: 207870 Tempo decorrido: 33 minuto(s), 16 segundo(s) Processos de Memória Infectados: 0 Módulos de Memória Infectados: 0 Chaves de Registro Infectadas: 4 Valores de Registro Infectados: 1 Itens de Dados no Registro Infectados: 0 Pastas Infectadas: 0 Arquivos Infectados: 3 Processos de Memória Infectados: (Não foram detectados ítens maliciosos) Módulos de Memória Infectados: (Não foram detectados ítens maliciosos) Chaves de Registro Infectadas: HKEY_CLASSES_ROOT\CLSID\{3A6A11A6-07E6-11D5-AC39-004005404D2E} (Worm.Ructo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{3A6A11A4-07E6-11D5-AC39-004005404D2E} (Worm.Ructo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{0F9550F1-0805-11D5-AC39-004005404D2E} (Worm.Ructo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mczipunziplib.mczip (Worm.Ructo) -> Quarantined and deleted successfully. Valores de Registro Infectados: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\SYSTEM32\MCZIPUNZIPLIB.DLL (Worm.Ructo) -> Value: MCZIPUNZIPLIB.DLL -> Quarantined and deleted successfully. Itens de Dados no Registro Infectados: (Não foram detectados ítens maliciosos) Pastas Infectadas: (Não foram detectados ítens maliciosos) Arquivos Infectados: c:\system volume information\_restore{c6dac6d2-17a8-476d-b769-d4978d02561c}\RP55\A0043176.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\WINDOWS\system32\mczipunziplib.dll (Worm.Ructo) -> Quarantined and deleted successfully. c:\WINDOWS\installer\MSI2DB.tmp (HackTool.Hiderun) -> Quarantined and deleted successfully. ======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 08/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org C:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 13:45:49 on 11/04/2011, Normal boot Microsoft Windows XP Professional Service Pack 3 (X86) Edvan@ORDENADA-D6B06C ( ) ============== ACTION(S) ============== Folder deleted: C:\Documents and Settings\Edvan\Dados de aplicativos\OpenCandy Folder deleted: C:\Documents and Settings\Edvan\Configurações locais\Dados de aplicativos\OpenCandy Folder deleted: C:\Documents and Settings\Edvan\Dados de aplicativos\PriceGong Folder deleted: C:\Arquivos de programas\PriceGong Folder deleted: C:\Documents and Settings\Edvan\Dados de aplicativos\Toolbar4 (!) -- Temporary files deleted. Key deleted: HKLM\Software\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926} Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926} Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926} Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926} Key deleted: HKLM\Software\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692} Key deleted: HKLM\Software\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71} Key deleted: HKLM\Software\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB} Key deleted: HKLM\Software\Classes\PriceFactorIE.PriceGongBHO Key deleted: HKLM\Software\Classes\PriceFactorIE.PriceGongBHO.1 Key deleted: HKLM\Software\Classes\PriceGongIE.PriceGongCtrl Key deleted: HKLM\Software\Classes\PriceGongIE.PriceGongCtrl.1 Key deleted: HKLM\Software\Classes\AppID\PriceGongIE.DLL Key deleted: HKCU\Software\PriceGong Key deleted: HKLM\Software\Orbit\OpenCandy Key deleted: HKLM\Software\VDownloader\OpenCandy Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5} Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\pricegong Value deleted: HKCU\Software\Mozilla\Firefox\Extensions|{8a9386b4-e958-4c4c-adf4-8f26db3e4829} ============== ADDITIONNAL SCAN ============== **** Mozilla Firefox Version [3.6.16 (pt-BR)] **** Searchplugins\babylon.xml (hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=689edc1100000000000000265a794b4b&tlver=1.4.19.19&affID=17161/) Searchplugins\buscape.xml (hxxp://busca.buscape.com.br/cprocura) Searchplugins\mercadolivre.xml (hxxp://pmstrk.mercadolivre.com.br/jm/PmsTrk) Searchplugins\wikipedia-br.xml (hxxp://pt.wikipedia.org/wiki/Especial:Busca) Searchplugins\yahoo-br.xml (hxxp://br.search.yahoo.com/search) HKLM_Extensions|smartwebprinting@hp.com - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 HKLM_Extensions|{3112ca9c-de6d-4884-a869-9855de68056c} - C:\Documents and Settings\All Users\Dados de aplicativos\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} HKCU_Extensions|smartwebprinting@hp.com - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 -- C:\Documents and Settings\Edvan\Dados de aplicativos\Mozilla\FireFox\Profiles\vtzs2umv.default -- Extensions\ffxtlbr@babylon.com (Babylon) Extensions\{EEE6C361-6118-11DC-9C72-001320C79847} (SweetIM Toolbar for Firefox) Searchplugins\SweetIM Search.xml (?) Searchplugins\sweetim.xml (?) Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Edvan\\Desktop Prefs.js - browser.search.defaultenginename, SweetIM Search Prefs.js - browser.search.defaulturl, Prefs.js - browser.search.selectedEngine, SweetIM Search Prefs.js - browser.startup.homepage, hxxp://home.sweetim.com Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.16 Prefs.js - keyword.URL, hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=689edc1100000000000000265a794b4b&tlver=1.4.19.19&instlRef=ss... Prefs.js - sweetim.toolbar.previous.browser.search.defaultenginename, Prefs.js - sweetim.toolbar.previous.browser.search.defaulturl, Prefs.js - sweetim.toolbar.previous.browser.search.selectedEngine, Search the web (Babylon) Prefs.js - sweetim.toolbar.previous.browser.startup.homepage, hxxp://www.google.com.br/ Prefs.js - sweetim.toolbar.previous.keyword.URL, hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=689edc1100000000000000265a794b4b&tl... ======================================== **** Google Chrome Version [10.0.648.204] **** Extension\dhkplhfnhceodhffomolpfigojocbpcb (C:\Arquivos de programas\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbar.crx) (x) -- C:\Documents and Settings\Edvan\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default -- Preferences - default_search_provider: "Google" (Enabled: true) (?) Preferences - homepage: hxxp://home.sweetim.com Preferences - homepage_is_newtabpage: false Plugin - Microsoft DRM (Enabled: true) (C:\Arquivos de programas\Windows Media Player\npdrmv2.dll) Plugin - Microsoft DRM (Enabled: true) (C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll) Plugin - "Microsoft DRM" (Enabled: true) ======================================== **** Internet Explorer Version [8.0.6001.18702] **** HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896 HKCU_Main|Start Page - hxxp://fr.msn.com/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://fr.msn.com/ HKCU_URLSearchHooks|{EEE6C35D-6118-11DC-9C72-001320C79847} - "SweetIM ToolbarURLSearchHook Class" (C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgHelper.dll) HKCU_SearchScopes\{6FBF660E-A78D-4dc8-B9DA-302A931FFE66} - "Qbyrd Search" (hxxp://websearch.qbyrd.com/redirect?client=ie&tb=ATU-QBD&o=102357&src=crm&q={sea...) HKCU_SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} - "Search" (hxxp://www.bigseekpro.com/search/browser/freedesktopclock/{749A97C0-F388-4D56-88...) HKCU_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "SweetIM Search" (hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}) HKLM_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "?" (hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}) HKCU_Toolbar\WebBrowser|{C55BBCD6-41AD-48AD-9953-3609C48EACC7} (C:\Arquivos de programas\Orbitdownloader\GrabPro.dll) HKCU_Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847} (C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll) HKLM_Toolbar|{C55BBCD6-41AD-48AD-9953-3609C48EACC7} (C:\Arquivos de programas\Orbitdownloader\GrabPro.dll) HKLM_Toolbar|{EEE6C35B-6118-11DC-9C72-001320C79847} (C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll) HKLM_ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2} - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe (Orbitdownloader.com) HKLM_ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} - C:\Arquivos de programas\Free Desktop Clock DB Toolbar\TbHelper2.exe (x) HKLM_ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe (SweetIM Technologies Ltd.) HKLM_Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66} - "?" (?) HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?) BHO\{000123B4-9B42-4900-B3F7-F4B073EFC214} - "Octh Class" (C:\Arquivos de programas\Orbitdownloader\orbitcth.dll) BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Auxiliar de Conexão do Windows Live" (C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll) BHO\{EEE6C35C-6118-11DC-9C72-001320C79847} - "SweetIM Toolbar Helper" (C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll) ======================================== C:\Arquivos de programas\Ad-Remover\Quarantine: 38 File(s) C:\Arquivos de programas\Ad-Remover\Backup: 13 File(s) C:\Ad-Report-CLEAN[1].txt - 11/04/2011 13:46:06 (7721 Byte(s)) End at: 13:46:34, 11/04/2011 ============== E.O.F ============== Novo log Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:51:43, on 11/4/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Panda USB Vaccine\USBVaccine.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\rundll32.exe C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe C:\Documents and Settings\Edvan\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe C:\Arquivos de programas\Orbitdownloader\orbitdm.exe C:\Arquivos de programas\Orbitdownloader\orbitnet.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\TeamViewer\Version6\TeamViewer_Service.exe C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\TeamViewer\Version6\TeamViewer.exe C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe C:\Arquivos de programas\TeamViewer\Version6\tv_w32.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe C:\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgHelper.dll O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" O4 - HKLM\..\Run: [switchBoard] C:\Arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Edvan\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: CesarFTP.lnk = C:\Arquivos de programas\CesarFTP\CesarFTP.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1292541760281 O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://189.124.131.128:8283/cab/OCXChecker_8320.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {EFA7D1AF-C6FB-4BCB-8A7B-A1FE9825D0B3} (XQWebView Control) - http://189.45.97.36:8080/WebControl.cab O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Avira AntiVir Agendamento (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Arquivos de programas\TeamViewer\Version6\TeamViewer_Service.exe O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe -- End of file - 12243 bytes Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Abril 11, 2011 OK...log limpo. 1. *Execute o AD-Remover e clique [uninstall] > [Não] > [Close] 2. *Clique [iniciar] > [Executar] > copie e cole: Combofix /uninstall *Clique [OK] > [Executar] *Aguarde a mensagem: "ComboFix está desinstalado" e clique [OK] Um abraço. Compartilhar este post Link para o post Compartilhar em outros sites
Edvan 30 Denunciar post Postado Abril 11, 2011 Boa tarde wings. Ao clicar em [iniciar] > [Executar] > copie e cole: Combofix /uninstall, me retorna um erro, como o abaixo: Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Abril 11, 2011 *Baixe o DelFix e salve-o no desktop *Execute-o e clique [suppression] *Cole o relatório apresentado Compartilhar este post Link para o post Compartilhar em outros sites
Edvan 30 Denunciar post Postado Abril 11, 2011 # DelFix v7.6 - Rapport créé le 11/04/2011 à 18:52 # Mis à jour le 31/03/11 à 16h par Xplode # Système d'exploitation : Microsoft Windows XP (32 bits) [versão 5.1.2600] Service Pack 3 # Nom d'utilisateur : Edvan - ORDENADA-D6B06C (Administrateur) # Exécuté depuis : C:\Documents and Settings\Edvan\Desktop\DelFix.exe # Option [suppression] ~~~~~~ Dossier(s) ~~~~~~ -> C:\Qoobox\BackEnv ... ACL modifié avec succès. Supprimé : C:\Qoobox -> C:\Qoobox\BackEnv ... ACL modifié avec succès. Supprimé : C:\ToolBar SD Supprimé : C:\Documents and Settings\Edvan\DoctorWeb ~~~~~~ Fichier(s) ~~~~~~ Supprimé : C:\WINDOWS\grep.exe Supprimé : C:\WINDOWS\PEV.exe Supprimé : C:\WINDOWS\NIRCMD.exe Supprimé : C:\WINDOWS\MBR.exe Supprimé : C:\WINDOWS\sed.exe Supprimé : C:\WINDOWS\SWREG.exe Supprimé : C:\WINDOWS\SWSC.exe Supprimé : C:\WINDOWS\SWXCACLS.exe Supprimé : C:\WINDOWS\zip.exe ~~~~~~ Registre ~~~~~~ Clé Supprimée : HKCU\SOFTWARE\IDAVLab Clé Supprimée : HKLM\Software\swearware Clé Supprimée : HKLM\Software\IDAVLab Clé Supprimée : HKLM\Software\Classes\.cfxxe Clé Supprimée : HKLM\Software\Classes\cfxxefile Clé Supprimée : HKLM\Software\TrendMicro\Hijackthis Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe Clé Supprimée : HKLM\System\CurrentControlSet\Enum\Root\LEGACY_DWPROT ~~~~~~ Autre ~~~~~~ -> ESET Online Scanner ... Désinstallé avec succès -> BitDefender Online Scanner ... Désinstallé avec succès -> Prefetch vidé ########## EOF - "C:\DelFixSuppr.txt" - [1623 octets] ########## Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Abril 11, 2011 *Execute o DelFix e clique [Désinstallation] Um abraço. Compartilhar este post Link para o post Compartilhar em outros sites
Edvan 30 Denunciar post Postado Abril 12, 2011 flw wings :joia: pode setar como resolvido.. ;) Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Abril 12, 2011 PROBLEMA RESOLVIDO Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico. Compartilhar este post Link para o post Compartilhar em outros sites
